Tuesday, July 24, 2007

Kiddieprinting continues

I must congratulate Greg Mullholland the Leeds Lib/Dem MP for his sucess in forcing an adjournment debate last night on the thorny issue of the mass fingerprinting of schoolchildren, done largely without parental consent.

Of course the response he got from the schools minister Jim Knight was pitiful. Though interestingly the long delayed advice from the British Educational Communications and Technology Agency (BECTA) on the subject of Biometrics in Schools just happened to be launched on the same day. I wonder how that co-incidence happened.

Be that as it may the minister's comment,"It is important to clarify exactly what we mean by biometric data. The biometric element in this case, as the hon. Gentleman said, is an algorithmic representation of a fingerprint—not the recording of a fingerprint",just has to go down as one of the more fatuous statements about technology I have heard for a long time. Think about it, you are not reading letters now at all, you are looking at a vuisual representation of letters created by alogrithmic representation. He really must think we are stupid.

Anyhow Mullholland was able to remind people of the almost dictatorial powers of schools in this (and other regards). The Education Ministry - and yes I refuse to call it by its unbelievably trite new name (The Department for Children, Schools and Families)

“has issued no guidance to schools on the collection and recording of pupils’ biometric information. In collecting data of this type the school is likely to rely on the broad powers contained in paragraph 3 of Schedule 1 of the Education Act 2002. This enables a governing body to do anything which appears to them to be necessary or expedient for the purposes of, or inconnection with the conduct of the school.”—[ Official Report, 27February 2006; Vol. 443, c. 504W.]. My emphasis

Take a look at the difference between the advice given yesterday by our Government,

"5.2 Pupil and parent consentA question which is often asked is whether schools can legally collect biometric data without a pupil’s or their parents’ consent. There is nothing explicit in the Data Protection Act to require schools to seek the consent of parents before implementing a biometric technology system. The Data Protection Act 1998 provides that personal data shall not be processed unless one of the conditions of processing detailed in Schedule 2 of the Act is met. Consent is one of these, but it is not required if any of the other conditions applies.Regarding the age of a child, pupils are the data subjects of the personal data which is being collected and it is they who should in the first instance be informed about the use of their personal data. The Data Protection Act 1998 does not specify when a person is (or may be considered to be) too young to give consent. It is a matter of judgement that must be made on a case by case basis by the school as the data controller. Only where a pupil is judged to be unable to understand what is involved will his or her rights be exercisable by the parent or someone with parental responsibility for the pupil.Whilst consent is not required for all processing of personal data, schools should normally involve pupils and parents in their decisions to use biometric technologies as is the case with other decisions made during the school life of children".

"Consent: In the context of students attending a place of education, the Data Protection Commissioner would stipulate that the obtaining of consent is of paramount importance when consideration is being given to the introduction of a biometric system. It is the Commissioner’s view that when dealing with personal data relating to minors, the standards of fairness in the obtaining and use of data, required by the Data Protection Acts, are much more onerous than when dealing with adults. Section 2A(1)(a) of the Data Protection Acts states that personal data shall not be processed by a data controller unless the data subject has given his/her consent to the processing, or if the data subject by reason of his/her physical or mental incapacity or age, is or is likely to be unable to appreciate the nature and effect of such consent, it is given by a parent or guardian etc. While the Data Protection Acts are not specific on what age a subject will be able to consent on their own behalf, it would be prudent to interpret the Acts in accordance with the Constitution. As a matter of Constitutional and family law a parent has rights and duties in relation to a child. The Commissioner considers that use of a minor’s personal data cannot be legitimate unless accompanied by the clear signed consent of the child and of the child’s parents or guardian.

As a general guide, a student aged eighteen or older should give consent themselves. A student aged from twelve up to and including seventeen should give consent themselves and, in addition, consent should also be obtained from the student’s parent or guardian. In the case of children under the age of twelve, consent of a parent or guardian will suffice. All students (and/or their parents or guardians as set out above) should, therefore, be given a clear and unambiguous right to opt out of a biometric system without penalty. Furthermore, provision must be made for the withdrawal of consent which had previously been given.